user1265146

Reputation: 2065

MVC Redirect with custom headers

Hopefully this is a simple question for someone out there.

Basically upon receiving a request to my MVC controller, I want to:

  1. Add an "Authorization" header to the response
  2. Redirect to another application sitting on another domain
  3. Read the "Authorization" header at this external site.

It appears the act of redirecting strips out all my custom headers and redirects.

My question: how can I add a new header, AND perform a redirect, AND have that header show up in the headers for the receiving host [at the end of the redirect] to read?

Upvotes: 8

Views: 18632

Answers (2)

Chris Pratt

Reputation: 239250

You can't. That's not how HTTP works. First, a "redirect" is just a 301, 302, or (since HTTP 1.1) 307 status code with the Location header set to the URL the client should go to. It's the client that initiates the request to that URL, so you have no control over what headers they send.

Second, HTTP is stateless, so the fact that an Authorization header was sent in some response at some point has zero bearing on anything that happens in any future requests. Web browsers and other HTTP clients skirt around the stateless nature of HTTP by using sessions on the server-side and cookies on the client side. The client sends the cookie to the server with the request. The cookie matches an item in the session store on the server, and the server loads up the data from that session to give the appearance as though state was maintained.

Third, cookies don't work in this situation, because they are domain bound and are not sent along with requests to domains they did not originate from. So, even if you were to create a session to maintain the authorization, the other site would never see it.

FWIW, the basic premise here, sharing authentication state with a different domain, is exactly what technologies like OAuth were developed for. So direct future research in that direction.

Upvotes: 11

Alexei Levenkov

Reputation: 100527

No - 302 redirects are handled by the browser, and it will not re-attach headers.

Options:

  • server side proxy
  • use cookies instead of other headers (if it is the same domain, not your case per 2)
  • manual redirect client side (may be ok since you are making AJAX call anyway).

Upvotes: 2
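The behaviour both answers describe, as an added example that is not part of the original thread: two throwaway local servers stand in for the MVC controller and the external site, and `run_demo` returns the Authorization values the external site actually receives, first after a 302 that carries the header and then through the server-side proxy option. The class names, paths and token are constructed for illustration; in the proxy path the token stays on the server and never reaches the browser.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
TOKEN = "Bearer demo-token"  # constructed sample value
seen = []  # Authorization values the external site receives, in order
opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no system proxy

class External(BaseHTTPRequestHandler):  # stands in for the app on the other domain
    log_message = lambda self, *a: None  # suppress per-request logging
    def do_GET(self):
        seen.append(self.headers.get("Authorization"))
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

def make_origin(target_url):
    class Origin(BaseHTTPRequestHandler):  # stands in for the MVC controller
        log_message = lambda self, *a: None
        def do_GET(self):
            if self.path == "/redirect":
                # What the question attempts: header on the response, then a 302.
                self.send_response(302)
                self.send_header("Location", target_url)
                self.send_header("Authorization", TOKEN)
                self.end_headers()
            else:
                # Server-side proxy: this server sends the header and relays the body.
                req = urllib.request.Request(target_url, headers={"Authorization": TOKEN})
                body = opener.open(req).read()
                self.send_response(200)
                self.end_headers()
                self.wfile.write(body)
    return Origin

def serve(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)  # port 0: pick any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def run_demo():
    seen.clear()
    ext = serve(External)
    origin = serve(make_origin(f"http://127.0.0.1:{ext.server_port}/"))
    for path in ("/redirect", "/proxy"):  # the client follows the 302 on its own
        opener.open(f"http://127.0.0.1:{origin.server_port}{path}").read()
    ext.shutdown(); origin.shutdown()
    return list(seen)

if __name__ == "__main__":
    print(run_demo())
```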
